Hi to all I have the following problem with my FreeRADIUS 2.1.8 + MySQL 5.0.75-0ubuntu10.2 I configure my Freeradius in the most basic configuration like You recommend in your SQL HOWTO and I can Authenticate an user whit the users file and everithing runs very well with all my users .... Now I configure It with MySQL and My Freeradius is talking with MySQL but I Can't get an Access-Accept to my users If I run a radtest, I can have an Access-Accept but when I run with my Laptop using Windows XP SP3 I only have an Access-Reject... This is my radiusd -X output, when I run my radtest and I can get an Access-Accept root@servidor1-desktop:/usr/local/etc/raddb# radtest alexmoon prueba 127.0.0.1 1812 testing123 rad_recv: Access-Request packet from host 127.0.0.1 port 32878, id=165, length=60 User-Name = "alexmoon" User-Password = "prueba" NAS-IP-Address = 127.0.1.1 NAS-Port = 1812 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "alexmoon", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop [sql] expand: %{User-Name} -> alexmoon [sql] sql_set_user escaped user --> 'alexmoon' rlm_sql (sql): Reserving sql socket id: 4 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'alexmoon' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'alexmoon' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'alexmoon' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'dynamic' ORDER BY id [sql] User found in group dynamic [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'dynamic' ORDER BY id rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns updated Found Auth-Type = PAP +- entering group PAP {...} [pap] login attempt with password "prueba" [pap] Using clear text password "prueba" [pap] User authenticated successfully ++[pap] returns ok +- entering group post-auth {...} ++[exec] returns noop Sending Access-Accept of id 165 to 127.0.0.1 port 32878 Service-Type := Framed-User Framed-Protocol := PPP Framed-Compression := Van-Jacobson-TCP-IP Framed-MTU := 1500 Finished request 0. Going to the next request Waking up in 4.9 seconds. Cleaning up request 0 ID 165 with timestamp +129 Ready to process requests. ################################################################################################ And this is my radiusd -X Output with the same user when I try to authenticate my laptop, is a very large output and I can see it is doing more than 1, 2, 3,.... request and only in the first I can see the sql interaction... rad_recv: Access-Request packet from host 192.168.1.10 port 1060, id=0, length=178 Message-Authenticator = 0x98fe26e9ef295e0939b045b3c3883ba9 Service-Type = Framed-User User-Name = "alexmoon" Framed-MTU = 1488 Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK" Calling-Station-Id = "00-22-68-B7-EE-D7" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0200000d01616c65786d6f6f6e NAS-IP-Address = 192.168.1.5 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "alexmoon", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 0 length 13 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop [sql] expand: %{User-Name} -> alexmoon [sql] sql_set_user escaped user --> 'alexmoon' rlm_sql (sql): Reserving sql socket id: 2 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'alexmoon' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'alexmoon' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'alexmoon' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'dynamic' ORDER BY id [sql] User found in group dynamic [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'dynamic' ORDER BY id rlm_sql (sql): Released sql socket id: 2 ++[sql] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] returns handled Sending Access-Challenge of id 0 to 192.168.1.10 port 1060 Service-Type := Framed-User Framed-Protocol := PPP Framed-Compression := Van-Jacobson-TCP-IP Framed-MTU := 1500 EAP-Message = 0x010100160410739d9907d0f007e8a5b9bf9e6ceedeb2 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x043a00db043b04154cf77263c06ef160 Finished request 10. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.1.10 port 1060, id=1, length=189 Message-Authenticator = 0x90c2a53ea79f5b5fcff2ff4effa6c9c9 Service-Type = Framed-User User-Name = "alexmoon" Framed-MTU = 1488 State = 0x043a00db043b04154cf77263c06ef160 Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK" Calling-Station-Id = "00-22-68-B7-EE-D7" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x020100060319 NAS-IP-Address = 192.168.1.5 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "alexmoon", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 1 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop [sql] expand: %{User-Name} -> alexmoon [sql] sql_set_user escaped user --> 'alexmoon' rlm_sql (sql): Reserving sql socket id: 1 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'alexmoon' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'alexmoon' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'alexmoon' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'dynamic' ORDER BY id [sql] User found in group dynamic [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'dynamic' ORDER BY id rlm_sql (sql): Released sql socket id: 1 ++[sql] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP NAK [eap] EAP-NAK asked for EAP-Type/peap [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 1 to 192.168.1.10 port 1060 Service-Type := Framed-User Framed-Protocol := PPP Framed-Compression := Van-Jacobson-TCP-IP Framed-MTU := 1500 EAP-Message = 0x010200061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x043a00db053819154cf77263c06ef160 Finished request 11. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.1.10 port 1060, id=2, length=263 Message-Authenticator = 0xeeb28ab0ada1ad4ba26125a9d6c10d0c Service-Type = Framed-User User-Name = "alexmoon" Framed-MTU = 1488 State = 0x043a00db053819154cf77263c06ef160 Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK" Calling-Station-Id = "00-22-68-B7-EE-D7" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0202005019800000004616030100410100003d03014b4fad659a9ce2fbeb4f5ffea969ffa643916fb5fe5947f16116d57cdbd2507a00001600040005000a000900640062000300060013001200630100 NAS-IP-Address = 192.168.1.5 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "alexmoon", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 2 length 80 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 70 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 0041], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 002a], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 085e], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 2 to 192.168.1.10 port 1060 EAP-Message = 0x0103040019c00000089b160301002a0200002603014b4fad608e1611c18dd5080c12aa082cfa8dbab65a830ff3d7f424f6a876d40700000400160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479 EAP-Message = 0x301e170d3039313232343138323330365a170d3130313232343138323330365a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100cf4dc6ad3d327155612f45f3a965c735dd65532ed0d3b9abb36a4e8a15c7650f375fc676baddfbafd21fba35dad2819fa96aa3dbee1849eb8f945049b6bb EAP-Message = 0x6ab5cd9a58a1a4f661dce9a69e81422473bed1c7a47f708abdc60fd13b1c29fdef726b675346e590013ea3cae14bbb57c8b1582d0e5c6c02a4c4dec2a24dbfcc984f04f0cef38473118b210722e07d7c28b1f6d4520b85dcd4bf36744920f63535dbf5a4700464fb667b30ac94afa0c407905ea03d5977095f804fffdda7834cbb5ac049d498465f24b71be83d8ae93d015530b760a5080dbe28c2456797b34e1dc478a32906cadfb203d8b11a4fb4b1e90538f20fe427d0e34f047c3ca198543bf30203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038201010003c62e5e0d0244b6f5 EAP-Message = 0x9925e951afecbeb0abf6f3a3e953bdfc1c85048b10d067ed86802d4dcd24ce16f5f6432e202dd5e91ce09a405e5f4f218406ca5e4172f15d392905f70a4d3a4512140c307fd68abac0255be7e3b551b3b4a6c63ae85bbb451dc136fc5f937d8789bdd5a5f9167ed5e75a50e4f847becb0e87c52e45cfc59f0363036d4a198e6b972c0d759e9f457c2d34946b5c220e3f7d49f01eb6f507333d3295720a1fc945b35c372a99974c54b72f5436739626328fec5ce6d4e5ca5e2149a3b92369400777cce709b3cde7af38a12d1b2b26d8de204a049257ecb700f901e156bede5e82ab6cdbf4428a9ef5bbf80f0b55ab5e9144e6f074407e350004ab308204 EAP-Message = 0xa73082038fa0030201020209 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x043a00db063919154cf77263c06ef160 Finished request 12. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.1.10 port 1060, id=3, length=189 Message-Authenticator = 0xb6576d7ee5e01e197c632fe7d20f45a1 Service-Type = Framed-User User-Name = "alexmoon" Framed-MTU = 1488 State = 0x043a00db063919154cf77263c06ef160 Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK" Calling-Station-Id = "00-22-68-B7-EE-D7" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x020300061900 NAS-IP-Address = 192.168.1.5 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "alexmoon", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 3 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 3 to 192.168.1.10 port 1060 EAP-Message = 0x010403fc194000b526c63ec2860c41300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3039313232343138323330365a170d3130313232343138323330365a308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504 EAP-Message = 0x071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100af53216f4070226b6621456467b8083ec8228e3c839fccd9b8133d19a065df275fea1450334ce0bb9942a863872efe551ed4f1a1adfd541eb5d1e918be984db37964a4c137153f3db595dd7d0dccddbc5a5104df68e170a6eda0d63f2bb866451c254e3a49c4f4f3e1f6071e7e65d1 EAP-Message = 0x489f4144e709bfe07d05d66fc198985555dd7f1c03216c5d71a074ac4bddadec93aadba95434368ccea897fb5ad0e16ebe9a7e2813961563f7b282f63ad653dfe16fca332e5cf93c9c47b3bc6a5af350d74676d425f0d47865ad0999ce9491ef5fe1f2d1c9b8d9b78e9b6f92b0d14d663c61f26261d65e41450b7cad7d729d2c1e5215081bb4ae3dab3e09532ad597f13f0203010001a381fb3081f8301d0603551d0e041604141254e57464a345c8860b1e1368ce66bf1a2de5423081c80603551d230481c03081bd80141254e57464a345c8860b1e1368ce66bf1a2de542a18199a48196308193310b3009060355040613024652310f300d06035504 EAP-Message = 0x0813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900b526c63ec2860c41300c0603551d13040530030101ff300d06092a864886f70d0101050500038201010085166fde34033935062c9a1f91962eb3a64d55a9d0766ac75d9cc485c761eb793c76264323c8a5b665d12f821cc685509791ef32bc042d6f45380ce11393384b634483d3386b856654560cfb3758ccc63b30 EAP-Message = 0x71fc430f72b2c81d Message-Authenticator = 0x00000000000000000000000000000000 State = 0x043a00db073e19154cf77263c06ef160 Finished request 13. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.1.10 port 1060, id=4, length=189 Message-Authenticator = 0xb377f7d0c4cb51758726ca050fd7146f Service-Type = Framed-User User-Name = "alexmoon" Framed-MTU = 1488 State = 0x043a00db073e19154cf77263c06ef160 Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK" Calling-Station-Id = "00-22-68-B7-EE-D7" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x020400061900 NAS-IP-Address = 192.168.1.5 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "alexmoon", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 4 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 4 to 192.168.1.10 port 1060 EAP-Message = 0x010500b51900794b79ea841348662131dd8b2859030e05ae6e25eb94aeeb47189dfcad0ac73fbe13bc40052ea36862e34b18ae12dd66466c5db8690b7e915696e287191d756618c6690ab8a82b0e9e63070a5beb6de3ce93a78f31894b85c798381dc69e976b052b80b01ecc3d3acb7bf8141aa124094d24b808a32a304ab9174e2e484918c7f5067e9b9126c4e14a479c915bbef300845ad0674216abb7b198b2ff6531d2f59f6c5bdc625216030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x043a00db003f19154cf77263c06ef160 Finished request 14. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 192.168.1.10 port 1060, id=5, length=505 Message-Authenticator = 0x1027e3e1828740fbe58c5a21c7b36a7f Service-Type = Framed-User User-Name = "alexmoon" Framed-MTU = 1488 State = 0x043a00db003f19154cf77263c06ef160 Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK" Calling-Station-Id = "00-22-68-B7-EE-D7" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0205014019800000013616030101061000010201001d150b43732d1df67a2c9954e40dbd0d4b1a3942a1bf6105668d17322943422740a559b73ddb1ea538586ee1e22620c4d3cd7ce369f1cd14d6eba6d31a190ffb8d6fce52fb9f4693e44343b7d989754d8a7a6e5ee16b4b5a3ebb2937a589cab9bff4332f49ef53da68507b8bd5a96ba94d8060ec0f044c49f4759ff41d0032b1a4b34dc6c757900387e066af1ad174439e715b01a23eb989691755772e8f377fc99f4c4d7e66c82e77cf4eadc5041adcd97210283b9155398c3af6465e84b299fd0140c9ef4e0a70438af3f60e0a7a083b360ba8caef281fc5dec4df0ab765c9ac14e0299ff96b9e EAP-Message = 0xb195517d78c1fb27bacce08d8595e6d0a735e11b894c3d5e14030100010116030100205c494488b295571f372cddd27008921d743a867ac158300c73d88eb53cdcd6c0 NAS-IP-Address = 192.168.1.5 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "alexmoon", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 5 length 253 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 310 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 5 to 192.168.1.10 port 1060 EAP-Message = 0x010600311900140301000101160301002067fe1793f016565d10b02851ee1a7248c50e5406b4074453e24b318bb0989a20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x043a00db013c19154cf77263c06ef160 Finished request 15. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 192.168.1.10 port 1060, id=6, length=505 Message-Authenticator = 0x728299ab490caf6af3905238fb92df7a Service-Type = Framed-User User-Name = "alexmoon" Framed-MTU = 1488 State = 0xd59750e4d191490045b22f12f1b8e43e Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK" Calling-Station-Id = "00-22-68-B7-EE-D7" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x020601401980000001361603010106100001020100abda5c21ed9ff50be717e2d776b293bc884bbd72c165f9493208a21442db65d253bcd44a2756a1106d21af9d68b4f242185e9b96a2f63de4fbb3999acfccb21124ca1f7d3d9586b0e3d0993f08d0d1971c6a20b653efee63056ef7cbb2e5d43e922aff8ec8c99ebe3f11fe3f1c87521b7d82f58a8dfea2f0719a87118c13122a7036fa65acc6dfcd79d244dd8b7fe6298eba29ddabf42ef10efb449328499585a9eeab013a42da816cd0dce04745a1c595f9d8c9169957c87a7fef626825a0254db8c2ab08ea84c61bf57d8991f98cb56978e10f5ffae23d025080a755dd1b162fe2643f66ff92c3 EAP-Message = 0xcdef94ee28aaa02fdae268614bf4dcd5f1492f1d4dc40ad51403010001011603010020edefeea82fcb88158e3b7734a649469f8942ca0f600b945360e10ff5f1b237ab NAS-IP-Address = 192.168.1.5 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "alexmoon", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 6 length 253 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 310 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 6 to 192.168.1.10 port 1060 EAP-Message = 0x01070031190014030100010116030100200ce6d1a797311fb8320943f625858c9ed525457cf7b530143b24685f2d00ce32 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd59750e4d090490045b22f12f1b8e43e Finished request 16. Going to the next request Waking up in 3.7 seconds. rad_recv: Access-Request packet from host 192.168.1.10 port 1060, id=7, length=189 Message-Authenticator = 0xf6156e7f878a80e329008af8da8b1d67 Service-Type = Framed-User User-Name = "alexmoon" Framed-MTU = 1488 State = 0xd59750e4d090490045b22f12f1b8e43e Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK" Calling-Station-Id = "00-22-68-B7-EE-D7" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x020700061900 NAS-IP-Address = 192.168.1.5 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "alexmoon", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 7 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS ++[eap] returns handled Sending Access-Challenge of id 7 to 192.168.1.10 port 1060 EAP-Message = 0x0108002019001703010015bd2ca6dc31201cbac2765c94ad5303ba4129260bf8 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd59750e4d39f490045b22f12f1b8e43e Finished request 17. Going to the next request Waking up in 2.7 seconds. rad_recv: Access-Request packet from host 192.168.1.10 port 1060, id=8, length=219 Message-Authenticator = 0xd4d619972ac59c3378c8cbbfa0c8b0aa Service-Type = Framed-User User-Name = "alexmoon" Framed-MTU = 1488 State = 0xd59750e4d39f490045b22f12f1b8e43e Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK" Calling-Station-Id = "00-22-68-B7-EE-D7" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0208002419001703010019b852857840f2598aa6f763c8cf37968914ee607f6b8d338b5a NAS-IP-Address = 192.168.1.5 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "alexmoon", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 8 length 36 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Identity - alexmoon [peap] Got tunneled request EAP-Message = 0x0208000d01616c65786d6f6f6e server { PEAP: Got tunneled identity of alexmoon PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to alexmoon Sending tunneled request EAP-Message = 0x0208000d01616c65786d6f6f6e FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "alexmoon" Service-Type = Framed-User Framed-MTU = 1488 Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK" Calling-Station-Id = "00-22-68-B7-EE-D7" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" NAS-IP-Address = 192.168.1.5 NAS-Port = 1 NAS-Port-Id = "STA port # 1" server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound [suffix] No '@' in User-Name = "alexmoon", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 8 length 13 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x010900221a0109001d10df7423b52603b13210d2ab29758122cd616c65786d6f6f6e Message-Authenticator = 0x00000000000000000000000000000000 State = 0x236e171123670dd05b80bcbd90b4450f [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x010900221a0109001d10df7423b52603b13210d2ab29758122cd616c65786d6f6f6e Message-Authenticator = 0x00000000000000000000000000000000 State = 0x236e171123670dd05b80bcbd90b4450f [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 8 to 192.168.1.10 port 1060 EAP-Message = 0x010900391900170301002e34b8040eee73493cdbab2165d4af7b7b846dc28272752c8c870a55590c2961a1467130f4273c935663d362439ebf Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd59750e4d29e490045b22f12f1b8e43e Finished request 18. Going to the next request Waking up in 2.6 seconds. rad_recv: Access-Request packet from host 192.168.1.10 port 1060, id=9, length=273 Message-Authenticator = 0xe240978f209e4bbe0dc03c770b583d4e Service-Type = Framed-User User-Name = "alexmoon" Framed-MTU = 1488 State = 0xd59750e4d29e490045b22f12f1b8e43e Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK" Calling-Station-Id = "00-22-68-B7-EE-D7" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0209005a1900170301004f0a8979df9593c6ea1ae7efbd97b57e6c69ce5269a3191f1cee64f80be2e37da7808f7867320332f9f5234c4e1b9efc74068bcef6c9a838994b8067c79dba9d4cdf8070b7a72e47759ac67e977924a9 NAS-IP-Address = 192.168.1.5 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "alexmoon", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 9 length 90 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x020900431a0209003e314bb8a0e4a2fed3fb7f36852ae21d2c6f0000000000000000ad31edb3c40dd7c7b3479ebdea4885e099f63702c6eb18f800616c65786d6f6f6e server { PEAP: Setting User-Name to alexmoon Sending tunneled request EAP-Message = 0x020900431a0209003e314bb8a0e4a2fed3fb7f36852ae21d2c6f0000000000000000ad31edb3c40dd7c7b3479ebdea4885e099f63702c6eb18f800616c65786d6f6f6e FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "alexmoon" State = 0x236e171123670dd05b80bcbd90b4450f Service-Type = Framed-User Framed-MTU = 1488 Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK" Calling-Station-Id = "00-22-68-B7-EE-D7" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" NAS-IP-Address = 192.168.1.5 NAS-Port = 1 NAS-Port-Id = "STA port # 1" server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound [suffix] No '@' in User-Name = "alexmoon", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 9 length 67 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] +- entering group MS-CHAP {...} [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] Told to do MS-CHAPv2 for alexmoon with NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. [mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject [eap] Freeing handler ++[eap] returns reject Failed to authenticate the user. } # server inner-tunnel [peap] Got tunneled reply code 3 MS-CHAP-Error = "\tE=691 R=1" EAP-Message = 0x04090004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Got tunneled reply RADIUS code 3 MS-CHAP-Error = "\tE=691 R=1" EAP-Message = 0x04090004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Tunneled authentication was rejected. [peap] FAILURE ++[eap] returns handled Sending Access-Challenge of id 9 to 192.168.1.10 port 1060 EAP-Message = 0x010a00261900170301001bcb26c0900b6c7334a11d90d38d3eae1d4bed0508ec5dcafbe5cf9e Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd59750e4dd9d490045b22f12f1b8e43e Finished request 19. Going to the next request Waking up in 2.6 seconds. rad_recv: Access-Request packet from host 192.168.1.10 port 1060, id=10, length=221 Message-Authenticator = 0x30bd3c98fa2126beff67293312dd4d54 Service-Type = Framed-User User-Name = "alexmoon" Framed-MTU = 1488 State = 0xd59750e4dd9d490045b22f12f1b8e43e Called-Station-Id = "00-21-27-FB-5A-10:TP-LINK" Calling-Station-Id = "00-22-68-B7-EE-D7" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x020a00261900170301001b1cee016d3d76e97133abb3fb9e621ac14d14ed95a56470c731c8c7 NAS-IP-Address = 192.168.1.5 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "alexmoon", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 10 length 38 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Received EAP-TLV response. [peap] Had sent TLV failure. User was rejected earlier in this session. [eap] Handler failed in EAP/peap [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> alexmoon attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 20 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 20 Sending Access-Reject of id 10 to 192.168.1.10 port 1060 EAP-Message = 0x040a0004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 1.6 seconds. Cleaning up request 10 ID 0 with timestamp +53 Cleaning up request 11 ID 1 with timestamp +53 Cleaning up request 12 ID 2 with timestamp +53 Cleaning up request 13 ID 3 with timestamp +53 Cleaning up request 14 ID 4 with timestamp +53 Cleaning up request 15 ID 5 with timestamp +53 Waking up in 1.1 seconds. Cleaning up request 16 ID 6 with timestamp +54 Waking up in 1.0 seconds. Cleaning up request 17 ID 7 with timestamp +55 Cleaning up request 18 ID 8 with timestamp +55 Cleaning up request 19 ID 9 with timestamp +55 Waking up in 1.0 seconds. Cleaning up request 20 ID 10 with timestamp +55 Ready to process requests. ############################################################################################################## If You have any sugestion I really appreciate, Thanks for your time to help me and all the people in this mailing list.... Thank you in advance... All